diff options
Diffstat (limited to '.htaccess')
| -rw-r--r-- | .htaccess | 142 |
1 files changed, 142 insertions, 0 deletions
diff --git a/.htaccess b/.htaccess new file mode 100644 index 0000000..1f00039 --- /dev/null +++ b/.htaccess @@ -0,0 +1,142 @@ +############################################################################# +##### Flyspray .htaccess Config. To be used with Apache Server ### +##### Check for Mod-Rewrite module ############################################ +#### rename this file to .htaccess to use these features +############################################################################### + +AddDefaultCharset utf-8 + +DirectoryIndex index.php index.html + +# Mod security conflicts with flyspray and you do not need it here + +#for mod_security 1 +<IfModule mod_security.c> + SecFilterEngine Off +</IfModule> +#modsecurity 2 +<IfModule security2_module> + SecRuleEngine Off +</IfModule> + +# php5 as apache 1/2 module +<IfModule mod_php5.c> +php_flag register_globals Off +php_flag magic_quotes_gpc Off +php_flag session.use_trans_sid 0 +php_flag session.auto_start 0 +php_flag short_open_tag off +php_flag register_argc_argv Off +php_flag register_long_arrays Off +#not for now, flyspray has it's own filters. +php_value filter.default "unsafe_raw" +php_flag always_populate_raw_post_data Off +</IfModule> + +# php4 as **apache 2** module +<IfModule sapi_apache2.c> +php_flag register_globals Off +php_flag magic_quotes_gpc Off +php_flag session.use_trans_sid 0 +php_flag session.auto_start 0 +php_flag short_open_tag off +php_flag register_argc_argv Off +php_value filter.default "unsafe_raw" +php_flag always_populate_raw_post_data Off +</IfModule> + +# We only use POST GET and HEAD (implicit) +<LimitExcept POST GET> + Order Deny,Allow + Deny From All +</LimitExcept> + +# hide possible development files +<Files ~ "^composer\.(json|lock|phar)$"> + order deny,allow + deny from all +</Files> + +# Some hostings have autocorrection of minor misspelled URLs enabled. +# We do not want that for Flyspray as it could lead to subtile unwanted behavior. +<IfModule mod_speling.c> + CheckSpelling Off +</IfModule> + +# probably mod_negotiation plays foul with mod_rewrite on this two rules: +# RewriteRule ^index$ index.php?do=index [L,QSA] +# RewriteRule ^index/proj([0-9]+)$ index.php?do=index&project=$1 [L,QSA] +# So try to deactivate it by -MultiViews (which is sadly not possible in every web hosting environment - gives error500) +#Options -MultiViews + +<IfModule mod_rewrite.c> +RewriteEngine on + +# Set RewriteBase to urlpath where Flyspray is accessible. +RewriteBase / +# Use this if Flyspray is accessible from a subdirectory of your domain. +#RewriteBase /flyspray/ + +# You can force TLS/SSL by uncommenting this 2 lines if you have a valid certificate for your domain +#RewriteCond %{HTTPS} !=on +#RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] +# In the case of TLS/SSL available, set also session.cookie_secure=1 +# so that the session cookie can't be sniffed by Man-in-the-Middle or same network. +# Depends on your server setup/webhosting if done in php.ini, .user.ini or somehow/somewhere else. +# Ask your web hoster if you don't know. + +# used for enabling url_rewriting check in admin prefs +RewriteRule . - [E=HTTP_MOD_REWRITE:On] + +RewriteRule ^.*\?do=admin&area=prefs$ index.php?do=admin&area=prefs [L,QSA] + +RewriteRule ^([0-9]+)$ index.php?do=details&task_id=$1 [L,QSA] +RewriteRule ^task/([0-9]+)$ index.php?do=details&task_id=$1 [L,QSA] +RewriteRule ^task/([0-9]+)comment([0-9]+)$ index.php?do=details&task_id=$1comment$2 [L,QSA] +RewriteRule ^task/([0-9]+)/depends$ index.php?do=depends&task_id=$1 [L,QSA] +RewriteRule ^task/([0-9]+)/depends&prune=([0-9]+)$ index.php?do=depends&task_id=$1&prune=$2 [L,QSA] +RewriteRule ^task/([0-9]+)/edit$ index.php?do=details&task_id=$1&edit=yep [L,QSA] + +RewriteRule ^newtask$ index.php?do=newtask [L,QSA] +RewriteRule ^newtask/proj([0-9]+)$ index.php?do=newtask&project=$1 [L,QSA] +RewriteRule ^newtask/proj([0-9]+)/supertask([0-9]+)$ index.php?do=newtask&project=$1&supertask=$2 [L,QSA] + +RewriteRule ^reports/proj([0-9]+)$ index.php?do=reports&project=$1 [L,QSA] +RewriteRule ^myprofile$ index.php?do=myprofile [L,QSA] +RewriteRule ^user/([0-9]+)$ index.php?do=user&id=$1 [L,QSA] +RewriteRule ^logout$ index.php?do=authenticate&logout=1 [L,QSA] + +RewriteRule ^admin/([a-zA-Z]+)$ index.php?do=admin&area=$1 [L,QSA] +RewriteRule ^pm/proj([0-9]+)/([a-zA-Z]+)$ index.php?do=pm&project=$1&area=$2 [L,QSA] + +RewriteRule ^admin/editgroup/([0-9]+)$ index.php?do=admin&area=editgroup&id=$1 [L,QSA] +RewriteRule ^pm/editgroup/([0-9]+)$ index.php?do=pm&area=editgroup&id=$1 [L,QSA] +RewriteRule ^edituser/([0-9]+)$ index.php?do=admin&area=users&user_id=$1 [L,QSA] +RewriteRule ^register$ index.php?do=register [L,QSA] +RewriteRule ^lostpw$ index.php?do=lostpw [L,QSA] + +# gantt and team are experimental pagetypes not within FS1.0 +RewriteRule ^gantt/proj([0-9]+)$ index.php?do=gantt&project=$1 [L,QSA] +RewriteRule ^team$ index.php?do=team [L,QSA] +RewriteRule ^team/proj([0-9]+)$ index.php?do=team&project=$1 [L,QSA] + +RewriteRule ^roadmap$ index.php?do=roadmap [L,QSA] +RewriteRule ^roadmap/proj([0-9]+)$ index.php?do=roadmap&project=$1 [L,QSA] +RewriteRule ^toplevel$ index.php?do=toplevel [L,QSA] +RewriteRule ^toplevel/proj([0-9]+)$ index.php?do=toplevel&project=$1 [L,QSA] +RewriteRule ^tasklist$ index.php?do=tasklist [L,QSA] +RewriteRule ^tasklist/proj([0-9]+)$ index.php?do=tasklist&project=$1 [L,QSA] + +# homepage (can be tasklist, toplevel, or roadmap; maybe gantt in future too) +RewriteRule ^index$ index.php?do=index [L,QSA] +RewriteRule ^index/proj([0-9]+)$ index.php?do=index&project=$1 [L,QSA] +RewriteRule ^newmultitasks/proj([0-9]+)$ index.php?do=newmultitasks&project=$1 [L,QSA] + +RewriteRule ^proj([0-9]+)/dev([0-9]+)$ index.php?project=$1&do=index&dev=$2 [L,QSA] +RewriteRule ^proj([0-9]+)$ index.php?project=$1 [L,QSA] + +</IfModule> + +<IfModule mod_env.c> +#SetEnv HTTP_HTACCESS_ENABLED on +</IfModule> |